How to Choose a Managed Service Provider

Choosing a Managed Service Provider (MSP) can be a critical decision for a business. MSPs provide essential IT services to help businesses manage their information systems and data effectively, and to provide protection from harm found in the digital frontier. To ensure that a business selects the right MSP, it is important to consider the MSP’s security posture, SOC 2 Type II audit, service offerings, and end user support capabilities. 

Here are 4 factors to consider when choosing an MSP: 

  1. Security Posture: A business should look for an MSP with a strong security posture. This means that the MSP has robust security protocols, systems, and processes in place to protect their own systems and their customers. A business can assess an MSP’s security posture by asking some simple questions.
    • First, ask if they use all the products and services they recommend to their customers. 
    • Second, ask them to describe how they manage security of their systems and look for indications that they have a process in place for continual review & improvement (i.e., assessments, policy review and updates).
    • Third, ask about how they are prepared to deal with a potential breach of their systems or a breach of a customer’s environment. If they can talk through the answers clearly with substantive examples, chances are, they spend time working on it internally. If the MSP stumbles and cannot provide substantive answers, ask to speak with someone further up the chain of command and if you can’t get good answers, look elsewhere. 
  2. SOC 2 Type II Audit: An MSP’s SOC 2 Type II audit provides assurance that the MSP has the necessary security controls and processes in place to secure the data and systems of their clients. This audit is conducted by an independent auditing firm and provides a thorough assessment of the MSP’s security posture. Not every MSP will have a SOC 2, Type II audit. Those that do have made significant investments in controls and are audited annually on the adequacy of their controls and how well they adhere to the controls throughout the one-year audit period. 
  3. Service Offerings: A business should consider the services offered by an MSP to determine if they meet the business’s needs. For example, the MSP should offer device patching, endpoint monitoring and management, and data backup and recovery services. Talk about what labor is “in-scope” and what labor is “out of scope”. Figure out if the bundle of service an MSP offers fits with the needs of the business. Can the MSP articulate what is included, or does the MSP struggle to justify the value of their services. An MSP with a higher price per device or higher price per person might have a more robust service offering (bundle) that includes things other MSPs might tack on after the sale.   
  4. End User Support Capabilities: A business should look for an MSP with strong end-user support capabilities. This means that the MSP should be able to provide fast, efficient, and effective support to the business’s employees. The MSP should also be able to effectively provide remote support to resolve issues quickly. Ask about how the deal with calls outside of normal business hours.  

By considering the MSP’s security posture, SOC 2 Type II audit, service offerings, and end-user support capabilities, a business can ensure that it selects an MSP that meets its needs and provides essential IT services, including security, to help manage its information systems and data effectively. 

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *